watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-04 04:37:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Block share token from all editing permissions.

Browse source 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Mike Cao 2026-01-24 19:13:49 -08:00
parent e782c2e627
commit fdafe13c35
6 changed files with 89 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/permissions/entity.ts
View file

@ -5,7 +5,11 @@ import type { Auth } from '@/lib/types';
import { getTeamUser } from '@/queries/prisma'; import { getTeamUser } from '@/queries/prisma';
export async function canViewEntity({ user }: Auth, entityId: string) { export async function canViewEntity({ user }: Auth, entityId: string) {
if (user?.isAdmin) { if (!user) {
return false;
}
if (user.isAdmin) {
return true; return true;
} }
@ -25,6 +29,10 @@ export async function canViewEntity({ user }: Auth, entityId: string) {
} }
export async function canUpdateEntity({ user }: Auth, entityId: string) { export async function canUpdateEntity({ user }: Auth, entityId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -45,6 +53,10 @@ export async function canUpdateEntity({ user }: Auth, entityId: string) {
} }
export async function canDeleteEntity({ user }: Auth, entityId: string) { export async function canDeleteEntity({ user }: Auth, entityId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }

14
src/permissions/link.ts
View file

@ -4,7 +4,11 @@ import type { Auth } from '@/lib/types';
import { getLink, getTeamUser } from '@/queries/prisma'; import { getLink, getTeamUser } from '@/queries/prisma';
export async function canViewLink({ user }: Auth, linkId: string) { export async function canViewLink({ user }: Auth, linkId: string) {
if (user?.isAdmin) { if (!user) {
return false;
}
if (user.isAdmin) {
return true; return true;
} }
@ -24,6 +28,10 @@ export async function canViewLink({ user }: Auth, linkId: string) {
} }
export async function canUpdateLink({ user }: Auth, linkId: string) { export async function canUpdateLink({ user }: Auth, linkId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -44,6 +52,10 @@ export async function canUpdateLink({ user }: Auth, linkId: string) {
} }
export async function canDeleteLink({ user }: Auth, linkId: string) { export async function canDeleteLink({ user }: Auth, linkId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }

14
src/permissions/pixel.ts
View file

@ -4,7 +4,11 @@ import type { Auth } from '@/lib/types';
import { getPixel, getTeamUser } from '@/queries/prisma'; import { getPixel, getTeamUser } from '@/queries/prisma';
export async function canViewPixel({ user }: Auth, pixelId: string) { export async function canViewPixel({ user }: Auth, pixelId: string) {
if (user?.isAdmin) { if (!user) {
return false;
}
if (user.isAdmin) {
return true; return true;
} }
@ -24,6 +28,10 @@ export async function canViewPixel({ user }: Auth, pixelId: string) {
} }
export async function canUpdatePixel({ user }: Auth, pixelId: string) { export async function canUpdatePixel({ user }: Auth, pixelId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -44,6 +52,10 @@ export async function canUpdatePixel({ user }: Auth, pixelId: string) {
} }
export async function canDeletePixel({ user }: Auth, pixelId: string) { export async function canDeletePixel({ user }: Auth, pixelId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }

26
src/permissions/team.ts
View file

@ -4,6 +4,10 @@ import type { Auth } from '@/lib/types';
import { getTeamUser } from '@/queries/prisma'; import { getTeamUser } from '@/queries/prisma';
export async function canViewTeam({ user }: Auth, teamId: string) { export async function canViewTeam({ user }: Auth, teamId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -12,6 +16,10 @@ export async function canViewTeam({ user }: Auth, teamId: string) {
} }
export async function canCreateTeam({ user }: Auth) { export async function canCreateTeam({ user }: Auth) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -20,6 +28,10 @@ export async function canCreateTeam({ user }: Auth) {
} }
export async function canUpdateTeam({ user }: Auth, teamId: string) { export async function canUpdateTeam({ user }: Auth, teamId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -30,6 +42,10 @@ export async function canUpdateTeam({ user }: Auth, teamId: string) {
} }
export async function canDeleteTeam({ user }: Auth, teamId: string) { export async function canDeleteTeam({ user }: Auth, teamId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -40,6 +56,10 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
} }
export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) { export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -54,6 +74,10 @@ export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUs
} }
export async function canCreateTeamWebsite({ user }: Auth, teamId: string) { export async function canCreateTeamWebsite({ user }: Auth, teamId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -64,5 +88,5 @@ export async function canCreateTeamWebsite({ user }: Auth, teamId: string) {
} }
export async function canViewAllTeams({ user }: Auth) { export async function canViewAllTeams({ user }: Auth) {
return user.isAdmin; return user?.isAdmin ?? false;
} }

14
src/permissions/user.ts
View file

@ -1,10 +1,14 @@
import type { Auth } from '@/lib/types'; import type { Auth } from '@/lib/types';
export async function canCreateUser({ user }: Auth) { export async function canCreateUser({ user }: Auth) {
return user.isAdmin; return user?.isAdmin ?? false;
} }
export async function canViewUser({ user }: Auth, viewedUserId: string) { export async function canViewUser({ user }: Auth, viewedUserId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -13,10 +17,14 @@ export async function canViewUser({ user }: Auth, viewedUserId: string) {
} }
export async function canViewUsers({ user }: Auth) { export async function canViewUsers({ user }: Auth) {
return user.isAdmin; return user?.isAdmin ?? false;
} }
export async function canUpdateUser({ user }: Auth, viewedUserId: string) { export async function canUpdateUser({ user }: Auth, viewedUserId: string) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -25,5 +33,5 @@ export async function canUpdateUser({ user }: Auth, viewedUserId: string) {
} }
export async function canDeleteUser({ user }: Auth) { export async function canDeleteUser({ user }: Auth) {
return user.isAdmin; return user?.isAdmin ?? false;
} }

16
src/permissions/website.ts
View file

@ -15,7 +15,7 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
const entity = await getEntity(websiteId); const entity = await getEntity(websiteId);
if (!entity) { if (!entity || !user) {
return false; return false;
} }
@ -33,10 +33,14 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
} }
export async function canViewAllWebsites({ user }: Auth) { export async function canViewAllWebsites({ user }: Auth) {
return user.isAdmin; return user?.isAdmin ?? false;
} }
export async function canCreateWebsite({ user }: Auth) { export async function canCreateWebsite({ user }: Auth) {
if (!user) {
return false;
}
if (user.isAdmin) { if (user.isAdmin) {
return true; return true;
} }
@ -101,6 +105,10 @@ export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
} }
export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string, userId: string) { export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string, userId: string) {
if (!user) {
return false;
}
const website = await getWebsite(websiteId); const website = await getWebsite(websiteId);
if (!website) { if (!website) {
@ -117,6 +125,10 @@ export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string
} }
export async function canTransferWebsiteToTeam({ user }: Auth, websiteId: string, teamId: string) { export async function canTransferWebsiteToTeam({ user }: Auth, websiteId: string, teamId: string) {
if (!user) {
return false;
}
const website = await getWebsite(websiteId); const website = await getWebsite(websiteId);
if (!website) { if (!website) {